Re: a question regards to telnet

From: Oskar Pearson <oskar@dont-contact.us>
Date: Thu, 19 Jun 1997 08:39:43 +0200

Julie Xu writes:
> Our squid proxy server is in the host which there are no other users or
> clients in it. but yesterday someone has successfully telneted to this
> host. My question is if it is possible that squid allowed some type of
> telnet?
It shouldn't be possible for them to get a login shell, if that is what
you mean...

> Any comments will be appreciated.
We don't run inetd on any of our servers here, instead we run sshd,
which allows for encrypted sessions and machine authentication...
ftp://ftp.is.co.za/security/network/ssh/

There is a commercial windows version from http://www.datafellows.com/

This would at least stop people from guessing passwords and so on,
if there is a bug in squid that allows people to spawn a login shell
it won't help at all.

Oskar
Received on Wed Jun 18 1997 - 23:52:47 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:35:32 MST